Debian

Debian Linux

9142 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.44%
  • Published 15.12.2015 21:59:02
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

  • EPSS 3.44%
  • Published 15.12.2015 21:59:01
  • Last modified 12.04.2025 10:46:40

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.

  • EPSS 1.99%
  • Published 15.12.2015 21:59:00
  • Last modified 12.04.2025 10:46:40

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab...

  • EPSS 8.64%
  • Published 06.12.2015 20:59:06
  • Last modified 12.04.2025 10:46:40

ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (...

  • EPSS 3.85%
  • Published 06.12.2015 20:59:05
  • Last modified 12.04.2025 10:46:40

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to ob...

  • EPSS 64.59%
  • Published 06.12.2015 20:59:04
  • Last modified 12.04.2025 10:46:40

crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function p...

  • EPSS 18.79%
  • Published 06.12.2015 01:59:00
  • Last modified 12.04.2025 10:46:40

The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service ...

  • EPSS 1.32%
  • Published 03.12.2015 20:59:00
  • Last modified 12.04.2025 10:46:40

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitra...

Exploit
  • EPSS 0.93%
  • Published 24.11.2015 20:59:15
  • Last modified 12.04.2025 10:46:40

The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which trigge...

Exploit
  • EPSS 1.48%
  • Published 19.11.2015 20:59:09
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that...